X-Stat is a freely available web traffic analyzer, written in PHP. It will run on Unix and Linux variants, as well as Microsoft operating systems. X-Stat fails to properly filter arbitrary script code from URL parameters. This makes it prone to cross-site scripting attacks. A remote attacker may create a link which contains malicious script code. When this link is clicked by a web user, the script code will execute in the browser of the web user, in the context of the site running the vulnerable software. Successful exploitation may enable an attacker to steal cookie-based authentication credentials from a legitimate user of the software.
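The unfiltered-parameter pattern described above, next to a hardened form, as an added example that is not X-Stat source code. The `period` parameter, the `stats_session` cookie name and all function names are hypothetical, and the code assumes PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

// Hypothetical stats page that reflects a URL parameter into HTML.
// "period" and "stats_session" are assumed names, not taken from X-Stat.

/** Vulnerable pattern: the parameter reaches the page unencoded. */
function render_heading_unsafe(array $query): string
{
    $period = $query['period'] ?? 'today';
    return '<h1>Traffic report for ' . $period . '</h1>';
}

/** Hardened pattern: validate against an allow-list, then encode on output. */
function render_heading_safe(array $query): string
{
    $allowed = ['today', 'week', 'month', 'year'];
    $period  = $query['period'] ?? 'today';
    if (!is_string($period) || !in_array($period, $allowed, true)) {
        $period = 'today'; // reject arrays and unknown values
    }
    return '<h1>Traffic report for ' . encode_for_html($period) . '</h1>';
}

/** Free-text parameters cannot be allow-listed; encode them for the HTML context. */
function encode_for_html(mixed $value): string
{
    $text = is_string($value) ? $value : '';
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Limits the impact named in the advisory: script cannot read an HttpOnly cookie. */
function issue_session_cookie(string $token): bool
{
    return setcookie('stats_session', $token, [
        'httponly' => true,
        'secure'   => true,
        'samesite' => 'Lax',
        'path'     => '/',
    ]);
}

// Constructed sample input standing in for $_GET.
$sample = ['period' => '<script>alert(1)</script>'];
echo render_heading_unsafe($sample), PHP_EOL; // markup reflected verbatim
echo render_heading_safe($sample), PHP_EOL;   // falls back to "today"
echo '<p>Search: ', encode_for_html($sample['period']), '</p>', PHP_EOL; // entity-encoded
```

`htmlspecialchars` covers HTML body and quoted-attribute contexts only; a value placed inside a script block or a URL attribute needs encoding for that context instead.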